Yifan Jia,Jingyi Wang,Christopher M. Poskitt,Sudipta Chattopadhyay,Jun Sun,Yuqi Chen

DOI: https://doi.org/10.1016/j.ijcip.2021.100452

IF: 3.683

2021-01-01

International Journal of Critical Infrastructure Protection

Abstract:The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples.

Wenting Wang,Dongqin Feng,Mingliang Chen,Shuxian Yang

DOI: https://doi.org/10.1109/ccdc62350.2024.10588015

2024-01-01

Abstract:This work investigates the problem of detecting and localizing attacks on a class of power cyber-physical systems (CPSs) in the presence of dynamic load alteration attacks (D-LAA). The power CPS is modeled as a discrete-time system with an unknown input, assuming that the sampling process is periodic and the D-LAA is bounded. This study delves into the investigation of attack detection and localization within a specific category of power cyber-physical systems (CPSs) when dealing with dynamic load alteration attacks (D-LAA). A novel Maximum Correntropy Robust Two-Stage Kalman Filter (MCRTSKF) is proposed so that the accurate state estimation for power CPS is achieved in spite of anomalous noise. Meanwhile, some essential parameters for the designed filter are obtained through the fixed-point iteration-stop parameter selection method. Furthermore, based on the state estimate value, the attack detection and localization procedure is presented. Finally, the validity and effectiveness of the proposed attack detection and localization schemes are illustrated by case studies on an IEEE 9-bus system.

Lin Zhang,Kaustubh Sridhar,Mengyu Liu,Pengyuan Lu,Xin Chen,Fanxin Kong,Oleg Sokolsky,Insup Lee

DOI: https://doi.org/10.1109/RTAS58335.2023.00024

2023-01-01

Abstract:Cyber-physical systems (CPSs) leverage computations to operate physical objects in real-world environments, and increasingly more CPS-based applications have been designed for life-critical applications. Therefore, any vulnerability in such a system can lead to severe consequences if exploited by adversaries. In this paper, we present a data predictive recovery system to safeguard the CPS from sensor attacks, assuming that we can identify compromised sensors from data. Our recovery system guarantees that the CPS will never encounter unsafe states and will smoothly recover to a target set within a conservative deadline. It also guarantees that the CPS will remain within the target set for a specified period. Major highlights of our paper include (i) the recovery procedure works on nonlinear systems, (ii) the method leverages uncorrupted sensors to relieve uncertainty accumulation, and (iii) an extensive set of experiments on various nonlinear benchmarks that demonstrate our framework's performance and efficiency.

Lin Zhang,Luis Burbano,Xin Chen,Alvaro A. Cardenas,Steven Drager,Matthew Anderson,Fanxin Kong

DOI: https://doi.org/10.1109/rtas61025.2024.00030

2023-01-01

Abstract:Cyber-physical systems tightly integrate computational resources with physical processes through sensing and actuating, widely penetrating various safety-critical domains, such as autonomous driving, medical monitoring, and industrial control. Unfortunately, they are susceptible to assorted attacks that can result in injuries or physical damage soon after the system is compromised. Consequently, we require mechanisms that swiftly recover their physical states, redirecting a compromised system to desired states to mitigate hazardous situations that can result from attacks. However, existing recovery studies have overlooked stochastic uncertainties that can be unbounded, making a recovery infeasible or invalidating safety and real-time guarantees. This paper presents a novel recovery approach that achieves the highest probability of steering the physical states of systems with stochastic uncertainties to a target set rapidly or within a given time. Further, we prove that our method is sound, complete, fast, and has low computational complexity if the target set can be expressed as a strip. Finally, we demonstrate the practicality of our solution through the implementation in multiple use cases encompassing both linear and nonlinear dynamics, including robotic vehicles, drones, and vehicles in high-fidelity simulators.

Pengyuan Lu,Lin Zhang,Mengyu Liu,Kaustubh Sridhar,Fanxin Kong,Oleg Sokolsky,Insup Lee

DOI: https://doi.org/10.1145/3653974

2024-04-06

Abstract:Cyber-physical systems (CPS) have experienced rapid growth in recent decades. However, like any other computer-based systems, malicious attacks evolve mutually, driving CPS to undesirable physical states and potentially causing catastrophes. Although the current state-of-the-art is well aware of this issue, the majority of researchers have not focused on CPS recovery, the procedure we defined as restoring a CPS's physical state back to a target condition under adversarial attacks. To call for attention on CPS recovery and identify existing efforts, we have surveyed a total of 30 relevant papers. We identify a major partition of the proposed recovery strategies: shallow recovery vs. deep recovery, where the former does not use a dedicated recovery controller while the latter does. Additionally, we surveyed exploratory research on topics that facilitate recovery. From these publications, we discuss the current state-of-the-art of CPS recovery, with respect to applications, attack type, attack surfaces and system dynamics. Then, we identify untouched sub-domains in this field and suggest possible future directions for researchers.

Systems and Control

Di Wang,Fangyu Li,Kaibo Liu,Xi Zhang

DOI: https://doi.org/10.1145/3582009

2024-01-01

ACM Transactions on Sensor Networks

Abstract:Cyber-Physical Systems (CPS) has emerged as a paradigm that connects cyber and physical worlds, which provides unprecedented opportunities to realize intelligent applications such as smart home, smart cities, and smart manufacturing. However, CPS faces a great number of information security challenges (e.g., attacks) due to the integration of CPS as well as the human behaviors and interactions. Therefore, accurate and real-time attack detection and identification are essential to ensure information security and reliability of CPS. In this paper, we propose a novel integrated learning method that accurately detects an attack of a CPS system and then identifies the attack type in real time. Specifically, we consider a One-Class Support Vector Machine (OCSVM) model that only relies on the data from the normal state for training to achieve a real-time and effective detection of a CPS system state (i.e., normal or under-attack). If the system is detected to be under-attack, we then develop a Pairwise Self-supervised Long Short-Term Memory (PSLSTM) approach to identify the attack type, which aims to accurately distinguish the known attack types and discover unknown new attacks. Lastly, experimental results show the proposed method achieves promising performances compared with conventional and state-of-the-art learning-based benchmarks.

Zhihao Chen,Xin Wang,Ning Pang,Yushan Shi

DOI: https://doi.org/10.3390/e25060900

IF: 2.738

2023-06-06

Entropy

Abstract:This paper focuses on the adaptive control problem of a class of uncertain time-delay nonlinear cyber-physical systems (CPSs) with both unknown time-varying deception attacks and full-state constraints. Since the sensors are disturbed by external deception attacks making the system state variables unknown, this paper first establishes a new backstepping control strategy based on compromised variables and uses dynamic surface techniques to solve the disadvantages of the huge computational effort of the backstepping technique, and then establishes attack compensators to mitigate the impact of unknown attack signals on the control performance. Second, the barrier Lyapunov function (BLF) is introduced to restrict the state variables. In addition, the unknown nonlinear terms of the system are approximated using radial basis function (RBF) neural networks, and the Lyapunov–Krasovskii function (LKF) is introduced to eliminate the influence of the unknown time-delay terms. Finally, an adaptive resilient controller is designed to ensure that the system state variables converge and satisfy the predefined state constraints, all signals of the closed-loop system are semi-globally uniformly ultimately bounded under the premise that the error variables converge to an adjustable neighborhood of origin. The numerical simulation experiments verify the validity of the theoretical results.

physics, multidisciplinary

Hongyan Yang,Shen Yin,Honggui Han,Haoyuan Sun

DOI: https://doi.org/10.1109/tii.2021.3111221

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:Driven by the rapid development of modern industrial processes, cyber-physical systems (CPSs), which tightly conjoin computational and physical resources, have become ever-more prevalent during recent years. However, due to the intrinsical vulnerability of the cyber layer, the system performances of CPSs are easily degraded by malicious false data injection (FDI) attacks, which are launched by adversary. In this article, the issue of secure reconstruction is considered for linear CPSs with simultaneous sparse actuator and sensor attacks. First, an adaptive counteraction searching strategy is proposed to identify the potential combinational attack mode. In this way, malicious FDI attacks are excluded. Second, by constructing a descriptor switched sliding mode observer, the sparse FDI attacks and the system state are reconstructed effectively. Meanwhile, sufficient conditions of the error convergence can be derived. Finally, a numerical simulation is utilized to illustrate the applicability of the proposed theoretical derivation.

Jia Qi,Chongrong Fang,Jianping He

DOI: https://doi.org/10.1109/cdc49753.2023.10384272

2023-01-01

Abstract:Security issues are of significant importance for cyber-physical systems (CPS), where the attack design is a major concern. Most related studies on attack design implicitly consider that the control period and detection period are the same. However, the two periods could be different in practical systems with remote detection such as supervisory control and data acquisition (SCADA) systems, which could lead to new vulnerabilities for attackers. In this paper, we consider the design of innovation-based linear attack strategies for CPS when the control period and detection period are inconsistent. Specifically, we propose an attack framework that consists of attack strategies for detection and non-detection instants under the period discrepancy. On this basis, we design the optimal stealthy innovation-based linear attack strategies for state estimation and LQG control to maximize the estimation error or control cost, respectively. Simulations are given to demonstrate the effectiveness of the proposed attack strategies.

Yue Zhao,Xin Du,Chunjie Zhou,Yu-Chu Tian,Xiaoya Hu,Daniel E. Quevedo

DOI: https://doi.org/10.1109/tii.2021.3108876

IF: 12.3

2022-05-01

IEEE Transactions on Industrial Informatics

Abstract:Resilient control of cyber-physical systems (CPSs) against actuator and/or sensor attacks has been extensively researched. However, the existing research considers actuator attacks and sensor attacks separately and also designs resilient controllers based on complex nonlinear system models caused by unknown actuator and sensor attacks. This increases the difficulty in the analysis, computation, and control of CPSs under attacks. To address this issue, this article introduces an idea to deal with both actuator attacks and sensor attacks together with feedback linearization control. This simplifies the mathematical modeling of attacked CPSs, thus reducing the difficulty of resilient controller design. Then, from the simplified modeling, a composite controller is designed to enhance system resilience. It ensures the dynamic and steady-state performance of CPSs under attacks. Simulation studies are undertaken to demonstrate the effectiveness of the proposed method.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Xiaochen Hao,Mingsong Lv,Jiesheng Zheng,Zhengkui Zhang,Wang Yi

DOI: https://doi.org/10.1109/iccd46524.2019.00037

2019-01-01

Abstract:With the rapid deployment of Cyber-Physical Systems (CPS), security has become a more critical problem than ever before, as such devices are interconnected and have access to a broad range of critical data. A well-known attack is ReturnOriented Programming (ROP) which can diverge the control flow of a program by exploiting the buffer overflow vulnerability. To protect a program from ROP attacks, a useful method is to instrument code into the protected program to do runtime control flow checking (known as Control Flow Integrity, CFI). However, instrumented code brings extra execution time, which has to be properly handled, as most CPS systems need to behave in a real-time manner. In this paper, we present a technique to efficiently compute an execution plan, which maximizes the number of executions of instrumented code to achieve maximal defense effect, and at the same time guarantees real-time schedulability of the protected task system with a new response time analysis. Simulation-based experimental results show that the proposed method can yield good quality execution plans, but performs orders of magnitude faster than exhaustive search. We also built a prototype in which a small auto-drive car is defended against ROP attacks by the proposed method implemented in FreeRTOS. The prototype demonstrates the effectiveness of our method in real-life scenarios.

Liwei An,Guang-Hong Yang

DOI: https://doi.org/10.1109/tcns.2018.2878507

IF: 4.347

2019-01-01

IEEE Transactions on Control of Network Systems

Abstract:This paper investigates the problem of secure control for cyber-physical systems (CPSs) under sensor and actuator attacks. The attacks are assumed to be sparse but arbitrary. The strong detectability under the sparse attacks is characterized by computing the rank of the so-called structural matrix pencil. An adaptive hybrid control strategy is proposed by automatically excluding the tampered measurement and input data. First, a hybrid system consisting of all possible combinations of models is implemented. Then, combining classical linear quadratic control theory, an adaptive switching logic is designed to online locate the proper system mode by observing the optimal performance index. As a result, the closed-loop system is ensured to be asymptotically stable in the presence of the attacks, while the performance loss can be mitigated. Also, the performance degradation under attacks is also analyzed quantificationally based on the quadratic cost function. Simulation results on an aircraft system are given to substantiate the proposed method.

Yilin Mo,Bruno Sinopoli

DOI: https://doi.org/10.1145/2185505.2185514

2012-01-01

Abstract:In this paper we consider the integrity attack on Cyber-Physical System(CPS), which is modeled as a discrete linear time-invariant system equipped with a Kalman filter, LQG controller and chi(2) failure detector. An attacker wishes to disturb the system by injecting external control inputs and fake sensor measurements. In order to perform the attack without being detected, the adversary will need to carefully design its actions to fool the failure detector as abnormal sensor measurements will result in an alarm. The adversary's strategy is formulated as a constrained control problem. In this paper, we characterize the reachable set of the system state and estimation error under the attack, which provides a quantitative measure of the resilience of the system. To this end, we will provide an ellipsoidal algorithm to compute the outer approximation of the reachable set. We also prove a necessary condition under which the reachable set is unbounded, indicating that the attacker can successfully destabilize the system.

Yabin Gao,Guanghui Sun,Jianxing Liu,Yang Shi,Ligang Wu

DOI: https://doi.org/10.1016/j.automatica.2019.108687

IF: 6.4

2020-01-01

Automatica

Abstract:In this paper, a practical state estimation strategy against joint sensor and actuator attacks is proposed for cyber-physical systems (CPSs). The CPSs are formulated based on delta operator for the requirement of real control systems with high-sampling or variable-sampling periods. The attacks fulfilling sparse observation condition are supposed to be randomly injected into both sensor and actuator units. Various numbers of attacks on sensors and actuators can be properly handled. Based on multiple observations of the attacked measurements, a new estimator in delta-domain is proposed to estimate the states of the attacked CPS. The convergence of the corresponding estimation error is analyzed based on pole assignment analysis and some matrix equality constraints. Further, by utilization of a dissipativity approach, estimator-based time-driven controller and self-triggered controller are designed for the enhancement of the estimations and the resource saving. Simulations for the joint attack scenario are provided to testify the applicability and effectiveness of the proposed estimation methods.

Mengze Yu,Wei Wang,Jiangshuai Huang,Changyun Wen,Jing Zhou

DOI: https://doi.org/10.1109/TCYB.2024.3373198

Abstract:In this article, the decentralized adaptive secure control problem for cyber-physical systems (CPSs) against deception attacks is investigated. The CPSs are formed as a type of nonlinear interconnected strict-feedback systems with uncertain time-varying parameters. The attack affects the information transmission between sensor and actuator in a multiplicative manner. A novel decentralized adaptive backstepping secure control strategy is established by exploiting a particular kind of Nussbaum functions and a flat-zone Lyapunov function analysis approach. It is shown that all of closed-loop signals remain globally bounded, and each output signal eventually converges into a small neighborhood of the origin. Simulation results on an illustrative example are provided to display the effectiveness of the proposed control scheme.

Shan Liu,Shanbin Li,Bugong Xu

DOI: https://doi.org/10.1080/00207179.2018.1537518

IF: 2.102

2018-10-30

International Journal of Control

Abstract:In this paper, we research the resilient control problem for cyber-physical system (CPS) under denial-of-service (DoS) attacks. These malicious DoS attacks aim to impede the communication of measurement data or control data in order to endanger the functionality of the closed-loop system. Meanwhile, in order to save network resources, event-triggered mechanism has been introduced into this CPS. By exploiting the relationship between cyber system and physical system, we aim to design the resilient controller and resilient control strategy to tolerate a class of DoS signals characterised by probability without serious hazard to the stability and performance of CPS. Furthermore, considering that the transition probability of cyber state is unknown, the on-policy reinforcement learning method – SARSA (State-Action-Reward-State-Action) – is used to solve this problem. Thus a resilient control algorithm that integrates game theory, robust control theory, event-triggered control method and SARSA learning method is presented to enhance the security and robustness of the CPS. At last, the numerical simulation and experimental results are given to demonstrate the validity and applicability of the proposed algorithm.

automation & control systems

Prakhar Ganesh,Xin Lou,Yao Chen,Rui Tan,David K. Y. Yau,Deming Chen,Marianne Winslett

DOI: https://doi.org/10.1109/tsg.2021.3058682

IF: 10.275

2021-07-01

IEEE Transactions on Smart Grid

Abstract:Control and communication technologies are key building blocks of cyber-physical systems (CPSes) that can improve the efficiency of the physical processes. However, they also make a CPS vulnerable to cyberattacks that can cause disruptions or even severe damage. This article focuses on one particular type of CPS cyberattack, namely the time delay attack (TDA), which exploits vulnerabilities in the communication channels to cause potentially serious harm to the system. Much work proposed for TDA detection is tested offline only and under strong assumptions. In order to construct a practical solution to deal with real-world scenarios, we propose a deep learning-based method to detect and characterize TDA. Specifically, we design a hierarchical long short-term memory model to process raw data streams from relevant CPS sensors online and continually monitor embedded signals in the data to detect and characterize the attack. Moreover, various strategies of interpreting the outputs of the model are proposed, which allow the user to tune the performance based on different objectives. We evaluate our model on two representative types of CPS, namely power plant control system (PPCS) and automatic generation control (AGC).Code and dataset can be found at: https://github.com/prakharg24/tda For TDA detection, our solution achieves an accuracy of 92% in PPCS, compared with 81% by random forests (RFs) and 72% by k-nearest neighbours (kNNs). For AGC, our solution achieves 98% accuracy, compared with 74% by RFs and 71% by kNNs. It also reduces the mean absolute error in the delay value characterization from about six to two seconds in the PPCS, and from about three seconds to half a second in the AGC, with about 3x to 4x shorter reaction latency in both systems.

engineering, electrical & electronic

Liwei An,Guang-Hong Yang

DOI: https://doi.org/10.1016/j.ins.2017.09.042

IF: 8.1

2018-01-01

Information Sciences

Abstract:In this paper, an improved adaptive resilient control scheme is proposed for mitigating adversarial attacks in cyber-physical systems (CPSs). By introducing a two-step backstepping approach, an adaptive bound estimation mechanism and a Nussbam function with faster growth rate, the effects of unknown sensor and actuator attacks are successfully mitigated. An exponentially-decaying barrier Lypunov function is used to constrain state variables. Compared with the existing results where only uniform ultimate boundedness is achieved, the developed controller guarantees that the closed-loop system is asymptotically stable and simultaneously the state constraints are not violated even in the presence of the time-varying sensor and actuator attacks. Simulation results are presented to verify the efficacy of the proposed scheme.

Yizhou Sun,Ya Zhang

DOI: https://doi.org/10.1109/icarcv57592.2022.10004235

2022-01-01

Abstract:In this study, an adaptive controller for Cyber-Physical Systems(CPSs) subjected to cyberattacks is proposed to track a class of target system with unknown inputs and states. Firstly, an estimation strategy is proposed to adaptively estimate the unknown inputs and states of target on the basis of finite impulse response (FIR) filter. Secondly, due to the existence of cyberattacks in CPSs, an adaptive tracking control scheme with designed compensation signal is constructed to stabilize the system performance which might be damaged by attacks, where Lyapunov function related to adaptive estimated factor is adopted to prove that the CPSs are able to track the target under attacks. In the last part, a numerical experiment is implemented to demonstrate the validity of the theoretical results.